[Webkit-unassigned] [Bug 95398] New: ASSERTION FAILURE in JSC::JSGlobalData::float32ArrayDescriptor when running fast/js/dfg-float64array-crash-log.txt
bugzilla-daemon at webkit.org
Wed Aug 29 16:25:19 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=95398
Summary: ASSERTION FAILURE in
JSC::JSGlobalData::float32ArrayDescriptor when running
fast/js/dfg-float64array-crash-log.txt
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Keywords: NeedsRadar
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jberlin at webkit.org
CC: webkit-bug-importer at group.apple.com, fpizlo at apple.com,
mhahnenberg at apple.com
The prime suspect on this one is http://trac.webkit.org/changeset/126387, although current history does not allow me to look that far back to confirm my suspicions.
I suspect this same underlying issue is also affecting
fast/js/dfg-int32array.html
fast/js/dfg-float32array.html
fast/js/dfg-uint8clampedarray.html
fast/js/dfg-poison-fuzz.html
fast/js/dfg-float64array.html
fast/js/dfg-int32array-overflow-values.html
fast/js/dfg-inline-function-dot-caller.html
because the crash log links for them are all like "no crash log found for WebProcess:31005. Process failed to become responsive before timing out."
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r126586%20(192)/fast/js/dfg-float64array-crash-log.txt
Process: WebProcess [31395]
Path: /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.6+)
Code Type: X86-64 (Native)
Parent Process: WebKitTestRunner [31394]
User ID: 501
Date/Time: 2012-08-24 08:40:09.699 -0700
OS Version: Mac OS X 10.8 (12A269)
Report Version: 10
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
VM Regions Near 0xbbadbeef:
-->
__TEXT 000000010de25000-000000010de26000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010efacd5c JSC::JSGlobalData::float32ArrayDescriptor() const + 92 (JSGlobalData.h:430)
1 com.apple.JavaScriptCore 0x000000010ef9c01d JSC::DFG::SpeculativeJIT::typedArrayDescriptor(JSC::DFG::Array::Mode) + 349 (DFGSpeculativeJIT.cpp:292)
2 com.apple.JavaScriptCore 0x000000010ef9c08b JSC::DFG::SpeculativeJIT::speculateArray(JSC::DFG::Array::Mode, JSC::DFG::Edge, JSC::X86Registers::RegisterID) + 43 (DFGSpeculativeJIT.cpp:300)
3 com.apple.JavaScriptCore 0x000000010efd0697 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) + 12727 (DFGSpeculativeJIT64.cpp:2543)
4 com.apple.JavaScriptCore 0x000000010efa0040 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) + 2992 (DFGSpeculativeJIT.cpp:1377)
5 com.apple.JavaScriptCore 0x000000010efa1ac8 JSC::DFG::SpeculativeJIT::compile() + 248 (DFGSpeculativeJIT.cpp:1585)
6 com.apple.JavaScriptCore 0x000000010ef6f8c9 JSC::DFG::JITCompiler::compileBody(JSC::DFG::SpeculativeJIT&) + 25 (DFGJITCompiler.cpp:91)
7 com.apple.JavaScriptCore 0x000000010ef70b6a JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 314 (DFGJITCompiler.cpp:270)
8 com.apple.JavaScriptCore 0x000000010ef61690 JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) + 1472 (DFGDriver.cpp:154)
9 com.apple.JavaScriptCore 0x000000010ef610bc JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) + 60 (DFGDriver.cpp:172)
10 com.apple.JavaScriptCore 0x000000010effaff9 JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 249 (JITDriver.h:95)
11 com.apple.JavaScriptCore 0x000000010effb992 JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) + 290 (ExecutionHarness.h:64)
12 com.apple.JavaScriptCore 0x000000010eff789a JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType, unsigned int) + 810 (Executable.cpp:532)
13 com.apple.JavaScriptCore 0x000000010eff74fb JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int) + 331 (Executable.cpp:442)
14 com.apple.JavaScriptCore 0x000000010eee9050 JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int, JSC::CodeSpecializationKind) + 336 (Executable.h:611)
15 com.apple.JavaScriptCore 0x000000010eee1e3e JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int) + 158 (CodeBlock.cpp:2744)
16 com.apple.JavaScriptCore 0x000000010f0544ec cti_optimize + 284 (JITStubs.cpp:2025)
17 com.apple.JavaScriptCore 0x000000010f05be10 0x10ee66000 + 2055696
18 com.apple.JavaScriptCore 0x000000010f022a24 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:133)
19 com.apple.JavaScriptCore 0x000000010f01edb2 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 4866 (Interpreter.cpp:1250)
20 com.apple.JavaScriptCore 0x000000010ef038cc JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 492 (Completion.cpp:75)
21 com.apple.WebCore 0x00000001108f943a WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 90 (JSMainThreadExecState.h:77)
22 com.apple.WebCore 0x00000001110a3192 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 370 (ScriptController.cpp:148)
23 com.apple.WebCore 0x00000001110a32c4 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 68 (ScriptController.cpp:165)
24 com.apple.WebCore 0x00000001110bb1f6 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 742 (ScriptElement.cpp:301)
25 com.apple.WebCore 0x0000000110497999 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) + 361 (HTMLScriptRunner.cpp:139)
26 com.apple.WebCore 0x0000000110497816 WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 438 (HTMLScriptRunner.cpp:118)
27 com.apple.WebCore 0x0000000110498021 WebCore::HTMLScriptRunner::executeParsingBlockingScripts() + 97 (HTMLScriptRunner.cpp:190)
28 com.apple.WebCore 0x000000011049819d WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) + 365 (HTMLScriptRunner.cpp:200)
29 com.apple.WebCore 0x000000011040d432 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 290 (HTMLDocumentParser.cpp:515)
30 com.apple.WebCore 0x000000011040d4af non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 47
31 com.apple.WebCore 0x000000010fd7334d WebCore::CachedResource::checkNotify() + 109 (CachedResource.cpp:248)
32 com.apple.WebCore 0x000000010fd8f2bb WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 187 (CachedScript.cpp:91)
33 com.apple.WebCore 0x000000011126cd7c WebCore::SubresourceLoader::didFinishLoading(double) + 524 (SubresourceLoader.cpp:298)
34 com.apple.WebCore 0x000000011105f3a5 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 (ResourceLoader.cpp:442)
35 com.apple.WebCore 0x000000011105bfea -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 186 (ResourceHandleMac.mm:861)
36 com.apple.Foundation 0x00007fff88cd11e8 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
37 com.apple.Foundation 0x00007fff88cd112c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
38 com.apple.Foundation 0x00007fff88cd1028 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
39 com.apple.CFNetwork 0x00007fff89450181 ___delegate_didFinishLoading_block_invoke_0 + 40
40 com.apple.CFNetwork 0x00007fff894426fa ___withDelegateAsync_block_invoke_0 + 90
41 com.apple.CFNetwork 0x00007fff894d25ca __block_global_1 + 28
42 com.apple.CoreFoundation 0x00007fff8e2ade44 CFArrayApplyFunction + 68
43 com.apple.CFNetwork 0x00007fff89433894 RunloopBlockContext::perform() + 124
44 com.apple.CFNetwork 0x00007fff8943376b MultiplexerSource::perform() + 221
45 com.apple.CoreFoundation 0x00007fff8e28f841 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
46 com.apple.CoreFoundation 0x00007fff8e28f165 __CFRunLoopDoSources0 + 245
47 com.apple.CoreFoundation 0x00007fff8e2b24e5 __CFRunLoopRun + 789
48 com.apple.CoreFoundation 0x00007fff8e2b1dd2 CFRunLoopRunSpecific + 290
49 com.apple.HIToolbox 0x00007fff896db774 RunCurrentEventLoopInMode + 209
50 com.apple.HIToolbox 0x00007fff896db512 ReceiveNextEventCommon + 356
51 com.apple.HIToolbox 0x00007fff896db3a3 BlockUntilNextEventMatchingListInMode + 62
52 com.apple.AppKit 0x00007fff881dffa3 _DPSNextEvent + 685
53 com.apple.AppKit 0x00007fff881df862 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
54 com.apple.AppKit 0x00007fff881d6c03 -[NSApplication run] + 517
55 com.apple.WebCore 0x0000000111086dfc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
56 com.apple.WebKit2 0x000000010e15e40a WebKit::WebProcessMain(WebKit::CommandLine const&) + 3386 (WebProcessMainMac.mm:228)
57 com.apple.WebKit2 0x000000010e06f418 WebKitMain(WebKit::CommandLine const&) + 200 (WebKitMain.cpp:50)
58 com.apple.WebKit2 0x000000010e06f334 WebKitMain + 148 (WebKitMain.cpp:74)
59 com.apple.WebProcess 0x000000010de25da2 main + 274
60 libdyld.dylib 0x00007fff89da77e1 start + 1